• Authentication: Open, bind and unbind; allows the client to prove its identity to the DSA.

• Interrogation: Search, compare; provides a method for the client to interrogate the directory information tree.

• Update: Add, Modify, Delete; defines a mechanism for the client to add or modify information in the directory information tree.

common directory products

• Microsoft Active Directory

• Novell eDirectory

• Apple Open Directory

• Sun Java System Directory Server

• Apache Directory Server

• Oracle Internet Directory

How does LDAP relate/compare to X.500?

• LDAP was originally developed as an alternative to the X.500 DAP protocol

• It was designed to use TCP/IP instead of the OSI protocol stack (“lighter protocol”).

• LDAP evolved into a complete directory service

• LDAP’s architecture and naming structure are based on the X.500 standard

• Although today’s version of DAP also runs over TCP/IP, LDAP remains the popular option for connection to a Directory.

what is LDAP?

"Lightweight Directory Access Protocol"

-LDAP is an open network protocol standard designed to provide access to distributed directories.

-LDAP provides a mechanism for querying and modifying information that resides in a directory information tree (DIT).

-LDAP is just a protocol that defines the method by which directory data is accessed.

-Necessarily, it also defines and describes how data is represented in the directory service (the Data Model).

-Finally, it defines how data is loaded (imported) into and saved (exported) from a directory service (using LDIF).

X.500 directory architecture

The X.500 Directory is developed for storing information about objects, such as organizations, persons, distribution lists, groups, certification authorities, etc. The information stored about an object is identity information and other information associated with the object, e.g. its postal address.

• Implemented as a distributed database

• All network entities are implemented as objects with attributes

• Schema defines the directory “blueprint”

what is a directory?

A directory service is the collection of software, hardware, processes, policies, and administrative procedures involved in making the information in your directory available to the users of your directory.

It’s a hierarchical database that stores information in an object-oriented form rather than the tabular form an RDBMS uses. The difference in architecture reflects the type of services a directory provides.

Directory as a database comparison

A directory is a specialized database

• Directories typically have a higher read-to-write ratio than databases.

• Directories are typically more easily extended

• Directories are usually more widely distributed

• Directories are often replicated on a higher scale

• Directories usually have very different performance characteristics

Support for standards is important in directories, less so in databases.

what is ASN.1?

a standard for describing data that is independent of machine-specific encoding.

Why is ASN.1 necessary to define managed objects?

A managed object's datatype is defined using a subset of Abstract Syntax Notation One (ASN.1). ASN.1 is a way of specifying how data is represented and transmitted between managers and agents, within the context of SNMP. The nice thing about ASN.1 is that the notation is machine-independent. This means that a PC running Windows NT can communicate with a Sun SPARC machine without having to worry about things such as byte ordering.